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Amendments to the Claims : 

This listing of claims will replace all prior versions, and listings, of claims in the 
application. 

LISTING OF CLAIMS: 

1 . (Currently Amended) An apparatus for detecting adversarial activity on a 
network, comprising: 

a memory adapted configured t o store a host table; 

a key exchanger adapted configured t o repeatedly derive a cipher key such that 
the resulting cipher key changes over time; 

a translator adapted configured t o translate detranslate predetermined portions of 
packet header information of a data packet according to a cipher algorithm keyed by the cipher 
key, wherein the predetermined portions include an -a previously translated address , the 
previously translated address being detranslated into the address ; 

a mapping device adapted configured to map the address to the host table; 

a host resolution device adapted configured to issue a request to the network to 
resolve the address when the address does not match an entry in the host table and to supplement 
the host table with the address upon receipt of a reply to the request that indicates that the 
address is valid; and 

an actuator adapted configured t o trigger a security device when the address does 
not match an entry in the host table. 

2. (Currently Amended) An apparatus as set forth in Claim 1, wherein the security 
device is a logging device adapted configured to log the data packet. 

3. (Currently Amended) An apparatus as set forth in Claim 1, wherein the security 
device is adapted c onfigured to signal an alarm when triggered. 
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4. (Currently Amended) An apparatus as set forth in Claim 1, wherein said host 
resolution device is adapted configured t o derive the host table using an address resolution 
protocol. 

5. (Currently Amended) An apparatus as set forth in Claim 1, further comprising: 
a network device adapted configured t o place the data packet onto a network 

when the address maps to the host table. 

6. (Currently Amended) A method for detecting adversarial activity on a network, 
comprising: 

storing a host table; 

repeatedly deriving a cipher key such that the resulting cipher key changes over 

time; 

translating detranslating p redetermined portions of packet header information of a 
data packet according to a cipher algorithm keyed by the cipher key, wherein the predetermined 
portions include an -a previously translated address , the previously translated address being 
detranslated into the address ; 

mapping the address to the host table; 

issuing a request to the network to resolve the address when the address does not 
match an entry in the host table and supplementing the host table with the address upon receipt 
of a reply to the request that indicates that the address is valid; and 

triggering a security device when the address does not match an entry in the host 

table. 

7. (Original) A method as set forth in Claim 6, further comprising: 

logging the data packet when the address does not match an entry in the host 

table. 

8. (Original) A method as set forth in Claim 6, further comprising: 
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signaling an alarm when the security device is triggered. 

9. (Previously Presented) A method as set forth in Claim 6, further comprising: 
deriving the host table using an address resolution protocol. 

10. (Original) A method as set forth in Claim 6, further comprising: 

placing the data packet onto a network when the address maps to the host table. 

1 1 . (Currently Amended) A device for detecting adversarial activity on a network, 
comprising: 

means for storing a host table; 

means for repeatedly deriving a cipher key such that the resulting cipher key 
changes over time; 

means for translating detranslating predetermined portions of packet header 
information of a data packet according to a cipher algorithm keyed by the cipher key, wherein 
the predetermined portions include an -a previously translated address , the previously translated 
address being detranslated into the address ; 

means for mapping the address to the host table; 

means for issuing a request to the network to resolve the address when the address 
does not match an entry in the host table and supplementing the host table with the address upon 
receipt of a reply to the request that indicates that the address is valid; and 

means for triggering a security device when the address does not match an entry 
in the host table. 

12. (Original) A device as set forth in Claim 11, further comprising: 

means for logging the data packet when the address does not match an entry in the 

host table. 

13. (Original) A device as set forth in Claim 11, further comprising: 
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means for signaling an alarm when the security device is triggered. 

14. (Previously Presented) A device as set forth in Claim 11, further comprising: 
means for deriving the host table using an address resolution protocol. 

15. (Original) A device as set forth in Claim 11, further comprising: 

means for placing the data packet onto a network when the address maps to the 

host table. 

1 6. (Currently Amended) A bastion host adapted for processing packet header 
information of a data packet, the bastion host being operable to: 

store a host table; 

repeatedly derive a cipher key such that the resulting cipher key changes over 

time; 

translate detranslate predetermined portions of packet header information of a 
data packet according to a cipher algorithm keyed by the cipher key, wherein the predetermined 
portions include an- a previously translated address , the previously translated address being 
detranslated into the address ; 

map the address to the host table; 

issuing a request to the network to resolve the address when the address does not 
match an entry in the host table and supplement the host table with the address upon receipt of a 
reply to the request that indicates that the address is valid; and 

trigger a security device when the address does not match an entry in the host 

table. 

17. (Original) The bastion host as set forth in Claim 16, the bastion host being further 
operable to log the data packet when the address does not match an entry in the host table. 
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1 8. (Original) The bastion host as set forth in Claim 16, the bastion host being further 
operable to signal an alarm when the security device is triggered. 

19. (Previously Presented) The bastion host as set forth in Claim 16, the bastion host 
being further operable to derive the host table using an address resolution protocol. 

20. (Original) The bastion host as set forth in Claim 16, the bastion host being further 
operable to place the data packet onto a network when the address maps to the host table. 

Claims 21-24 (Cancelled) 

25. (Currently Amended) An apparatus as set forth in Claim 1 , wherein the address 
includes a network portion and an apparatus portion, the apparatus portion of the address having 
been translated without the network portion also being translated, and wherein said translator is 
adapted configured to translate detranslate t he apparatus portion of the address without also 



26. (Currently Amended) An apparatus as set forth in Claim 1 , wherein the data 
packet includes a translated packet header with a plurality of fields carrying packet header 
information, the translated packet header including the translated packet header information in 
one or more predetermined fields of the translated packet header interspersed with un-translated 
packet header information in fields other than the one or more fields of the translated packet 
header, and 

wherein said translator is adapted configured to translate d etranslate at least a portion of 
the packet header information in the one or more predetermined fields of the header into a 
translated packet header, the translated packet header including the translated packet header 
information in the one or more predetermined fields of the packet header interspersed with un 
translated packet header information in fields other than the one or more fields of the packet 




letranslating t he network portion of the address. 
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27. (Currently Amended) A method as set forth in Claim 6, wherein the address 
includes a network portion and an apparatus portion, the apparatus portion of the address having 
been translated without the network portion also being translated, and wherein translating 
detranslating p redetermined portions of packet header information includes translating 
detranslating t he apparatus portion of the address without also translating detranslating the 
network portion of the address. 

28. (Currently Amended) A method as set forth in Claim 6, wherein the data packet 
includes a translated packet header with a plurality of fields carrying packet header information, 
the translated packet header including the translated packet header information in one or more 
predetermined fields of the translated packet header interspersed with un-translated packet 
header information in fields other than the one or more fields of the translated packet header, and 
wherein translating detranslating predetermined portions of packet header information 
comprises: 

translating detranslating at least a portion of the packet header information in the one or 
more predetermined fields of the header into a translated packet header, the translated packet 
header including the translated packet header information in the one or more predetermined 
fields of the packet header interspersed with un - translated packet header information in fields 
other than the one or more fields of the packet header . 

29. (Currently Amended) A device as set forth in Claim 1 1, wherein the address 
includes a network portion and an apparatus portion, the apparatus portion of the address having 
been translated without the network portion also being translated, and wherein said means for 
translating predetermined portions of packet header information is adapted configured to 
translate detranslate t he apparatus portion of the address without also translating detranslating t he 
network portion of the address. 
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30. (Currently Amended) A device as set forth in Claim 1 1 , wherein the data packet 
includes a translated packet header with a plurality of fields carrying packet header information, 
the translated packet header including the translated packet header information in one or more 
predetermined fields of the translated packet header interspersed with un-translated packet 
header information in fields other than the one or more fields of the translated packet header, and 
wherein said means for translating detranslating p redetermined portions of packet header 
information is adapted configured to translate detranslate at least a portion of the packet header 
information in the one or more predetermined fields of th e header, and is further adapted to copy 
the translated packet header information into the respective one or more fields of the header to 
thereby generate a translated packet header, the translated packet header including the translated 
packet header information in the one or more predetermined fields o f the pa c ket header 
interspersed with un translated packet header information in one or more other fields of the 
packet header . 

3 1 . (Currently Amended) A bastion host as set forth in Claim 1 6, wherein the address 
includes a network portion and an apparatus portion, the apparatus portion of the address having 
been translated without the network portion also being translated, and wherein the bastion host is 
operable to translate detranslate predetermined portions of packet header information including 
transl ating detranslating the apparatus portion of the address without also translating 
detranslati ng the network portion of the address. 

32. (Currently Amended) A bastion host as set forth in Claim 16, wherein the data 
packet includes a translated packet header with a plurality of fields carrying packet header 
information, the translated packet header including the translated packet header information in 
one or more predetermined fields of the translated packet header interspersed with un-translated 
packet header information in fields other than the one or more fields of the translated packet 
header, and wherein the bastion host is operable to translate detranslate p redetermined portions 
of packet header information including: 

translating detranslating at least a portion of the packet header information in the one or 
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more predetermined fields of the header-i 
header including the translated packet header information in the one or more pr e d e termined 
fields of the packet header interspersed with un - translated pac ket head er informati on in fi el d s 
other than the one or more fields of the packet header . 
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